Digitisation and data-centricity have made cyber security a basic requirement. At the same time, security is still categorised as a non-functional requirement, sometimes even the stumbling block for new and exciting projects. Through your security strategy, you plan how to protect resources and data. This involves assessing your organisation’s risk, determining the ‘crown jewels’ to be protected, establishing your maturity level versus the desired level, and identifying how to get there. But how does your business strategy influence security? What role does the changing network play? And how can it all be made concrete?